Introducing NSX-T 2.4 – A Landmark Release in the History of NSX

In February 2017, we introduced VMware NSX-T Data Center to the world. For years, VMware NSX for vSphere had been spearheading a network transformation journey with a software-defined, application-first approach. In the meantime, as the application landscape was changing with the arrival of public clouds and containers, NSX-T was being designed to address the evolving needs of organizations to support cloud-native applications, bare metal workloads, multi-hypervisor environments, public clouds, and now, even multiple clouds.

Today, we are excited to announce an important milestone in this journey – the NSX-T 2.4 release, expected to post tomorrow. This fifth release of NSX-T delivers advancements in networking, security, automation, and operational simplicity for everyone involved – from IT admins to DevOps-style teams to developers. Today, NSX-T has emerged as the clear choice for customers embracing cloud-native application development, expanding use of public cloud, and mandating automation to drive agility.

Let’s take a look at some of the new features in NSX-T 2.4:

Operational Simplicity: Easy to Install, Configure, Operate

What if delivering new networks and network services was as easy as spinning up a workload in AWS? In keeping with the ethos that networking can be made easier, over the past few releases we have focused on improving the user experience at every level – UI, dashboards, APIs, systems. In today’s app-centric, multi-cloud world, networking and security aren’t solely the responsibility of network architects and admins; control, visibility and automation are shared across DevOps teams. VMware NSX serves this need by delivering a centralized and consistent operational tool for everyone to work together. This release brings a number of operational enhancements that make it easy to install, upgrade, and operate consistently, accelerating Day 0 installation to Day 1 provisioning from days to minutes, and significantly simplifying Day 2 operations for administrators.

Day 0: Installation

The 2.4 release introduces a new converged NSX manager appliance with 3-node clustering support which merges policy, management and central control services on a cluster of nodes, bringing high availability and a scale-out architecture to the management plane. In addition, due to the convergence of management and control plane nodes, fewer VMs are needed which means less management overhead. NSX-T now also includes installation enhancements such as Ansible modules that enable automation of installation workflows.

Day 2: Ongoing Operations

NSX-T enables customers to provision new networks and services with a single API call or a few clicks in a new simplified UI, making NSX the industry’s simplest way to manage an application-centric, software-defined network.

Simplified UI – Overview Tab

Networking Configuration Overview – Centralized View

Here’s a 3-part deep dive demo series to see how NSX-T drastically simplifies networking services:

Infrastructure as Code: A New Declarative Policy Model

Automation-driven, fast and agile IT environments are becoming a necessity for every enterprise and service provider in the world. By implementing networking completely in software, NSX makes networks programmable, agile, and dynamic, squarely addressing the many challenges with physical network automation. Consuming NSX through configuration frameworks like Ansible or scripting languages such as Python or PowerShell goes a step beyond the simple usage of the GUI and allows for greater agility, consistency, and scale.

Taking a page from iterative automation in cloud-native environments using NSX-T, we are introducing in this release a new declarative policy model to enable a one-step approach to configuring networking and security for applications. It drastically simplifies network automation by allowing users to specify what the connectivity and security needs of applications are, as opposed to how networking and security should be configured step by step. Unlike the imperative model, where detailed tasks need to be explicitly called out, this new way of provisioning infrastructure gives operators a one-shot, application-focused approach to automating configuration of the network.

This approach eliminates the need for a tedious set of sequential commands to configure networking and security services, which is time-consuming and error-prone. The declarative interface takes the connectivity and security requirements for the application environment, expressed in simple, user-defined terms and specified in a JSON file. These policies are platform-agnostic and easily replicable, simplifying operations and allowing IT teams to scale to new levels.
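The difference between declaring intent and issuing sequential commands can be shown with a small reconciler. This is an added example, not code from VMware or NSX-T: the JSON schema, the group and rule names, and the functions `validate`, `plan` and `apply` are hypothetical and do not represent the NSX-T Policy API.

```python
import json

# Constructed intent document; the schema is hypothetical, not NSX-T's Policy API.
DESIRED = json.loads("""
{
  "groups": {"web": {"tag": "tier=web"}, "db": {"tag": "tier=db"}},
  "rules": {
    "web-to-db": {"src": "web", "dst": "db", "port": 3306, "action": "ALLOW"},
    "default":   {"src": "ANY", "dst": "db", "port": "ANY", "action": "DROP"}
  }
}
""")

def validate(intent):
    """Reject intent whose rules reference groups that are not declared."""
    known = set(intent["groups"]) | {"ANY"}
    for name, rule in intent["rules"].items():
        for side in ("src", "dst"):
            if rule[side] not in known:
                raise ValueError(f"rule {name!r}: unknown group {rule[side]!r}")

def plan(current, desired):
    """Diff current against desired state; return dependency-ordered operations."""
    validate(desired)
    ops = []
    for kind in ("groups", "rules"):       # create/update groups before rules
        for name, spec in sorted(desired[kind].items()):
            old = current.get(kind, {}).get(name)
            if old is None:
                ops.append(("create", kind, name))
            elif old != spec:
                ops.append(("update", kind, name))
    for kind in ("rules", "groups"):       # delete rules before their groups
        for name in sorted(set(current.get(kind, {})) - set(desired[kind])):
            ops.append(("delete", kind, name))
    return ops

def apply(current, desired):
    """Converge a copy of current on desired; return (new_state, operations)."""
    state = json.loads(json.dumps(current))  # deep copy, input is not mutated
    state.setdefault("groups", {})
    state.setdefault("rules", {})
    ops = plan(current, desired)
    for op, kind, name in ops:
        if op == "delete":
            del state[kind][name]
        else:
            state[kind][name] = desired[kind][name]
    return state, ops
```

Applying the same document twice yields no operations the second time, and a manually widened rule or a leftover object shows up in the plan as an update or delete, which is what makes drift from the declared security policy visible.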

New Declarative Policy Vs Imperative Model Based Automation

Expanding Security Features, Delivered Intrinsically

Today’s aggressive threats require proactive, modern defense approaches. Micro-segmentation with NSX not only delivers on this promise but takes it one step further with seamless operations and optimized user experience. Not surprisingly, thousands of customers across the globe use NSX for micro-segmentation to protect their data centers and cloud environments from sophisticated attacks.

With every release, NSX-T continues to bolster its ability to deliver consistent, pervasive connectivity and intrinsic security for applications and data across any environment to drastically shrink the application attack surface and reduce business risk. NSX-T delivers security to diverse endpoints such as VMs, containers, and bare metal, as well as to various cloud platforms.

NSX-T 2.4 introduces support for advanced security capabilities such as Layer 7 application context-based firewalling, identity-based firewalling, FQDN/URL whitelisting, guest introspection, and E-W service insertion. The FQDN/URL whitelisting feature applies to E-W traffic in the distributed firewall, and it enables customers to allow/whitelist specific traffic going from a VM to a specific FQDN or URL. Benefits of this feature include support for communication with a different system/application in a multi-site environment, support for applications that use native cloud services, and support for URL domains on the internet.

NSX-T 2.4 also brings a new level of analytics and visualization with a new simplified management dashboard and UI for security, as well as support for Splunk app and VMware vRealize Log Insight.

FQDN/URL Whitelisting Enforced at DFW Level

Layer 7 Application Context-Aware Firewalling

Watch the latest Networking Field Day demo video for an in-depth view of the new security capabilities in NSX-T 2.4. And keep an eye on the Security section of the NSX blog over the next few weeks for technical deep-dives on the security capabilities supported in NSX-T 2.4.

Higher Levels of Scale, Resiliency, Performance

NSX-T was designed from the ground-up to enable a modular, resilient, and distributed architecture that is flexible and scalable to the demands of cloud-scale and multi-cloud environments.

NSX-T 2.4 now supports greater scale, resiliency and performance, with near line-rate speed using a DPDK-based hardware-accelerated data plane.

As the global IPv4 address space shortage continues with the explosion of IoT and mobile devices, and as governments mandate the transition to IPv6, the support for IPv6 in NSX-T 2.4 addresses a critical global problem and a key requirement of cloud-scale networks.

The NSX-T 2.4 release brings support for a converged NSX manager appliance design with 3-node clustering support that merges policy, management and central control services on a cluster of nodes. This brings the benefits of high availability and scale to the management plane.

NSX-T can scale to hundreds of thousands of routes, over a thousand hosts per NSX domain, and enables high-scale multi-tenancy. The higher levels of scale, resiliency, and performance position NSX to deliver even greater capabilities in a multi-cloud world.

Customer Momentum, Partnerships, and New Opportunities

2018 was an outstanding year for NSX-T in terms of customer momentum. For a peek into the wide breadth of NSX-T customers and VMworld 2018 sessions on NSX-T, check out the blog post here.

NSX-T has been a key enabler of our customers’ multi-cloud and hybrid cloud initiatives as well as cloud-native projects using Kubernetes, VMware PKS, Pivotal Application Service (PAS), and Red Hat OpenShift. It is driving value inside the data center today and expanding across datacenters and to the cloud via our VMware Cloud Provider partnerships, and to VMware Cloud on AWS and native public cloud workloads via VMware NSX Cloud. The network virtualization platform is embedded throughout the VMware portfolio, including VMware Cloud Foundation, VMware vCloud NFV, and in the future AWS Outposts and VMware Cloud Foundation for EC2.

Summary

Our relentless focus on the development cycle of NSX-T continues with the primary goal of uniting and helping secure different clouds and making it easy to use for everyone. With every release, NSX-T continues to gain new capabilities that address emerging customer use-cases, spurring new avenues for organizations to innovate and thrive in the market.

Now is the time to assess how NSX-T can help your organization transform your journey forward – from scaling and securing networks and embracing new clouds to adopting the latest practices in automation and new application frameworks – NSX-T delivers on every count.

For customers using NSX for vSphere, VMware will continue to support you throughout your ongoing transformation journey: from investment protection, to continuing to support NSX for vSphere, to giving customers multiple different choices to migrate to NSX-T – stay tuned for more blogs on this topic.

Watch this space for a series of technical deep-dive blogs on some of the key capabilities supported in this release of NSX-T 2.4.

NSX has become the bridge that enables customers to unify networking and security across their private and public clouds, bringing VMware closer to fulfilling its Virtual Cloud Network vision.